At this level of detail, this doesn't make sense at all.
If they have "penetrated the billing system", why do they have to rack
up charges? Just bill anything you like to the customer. Or skip this
step with the customer and insert charges to be paid to an external SP,
basically manipulating the clearing between network operator and
content/whatever provider.
How can you cause cramming just by knowing a destination IP (unless
packet charges)?
Why the log on and ping wizardry? They'll have a netblock and once you
know it, you know it.
How can you "provide services" just by knowing destination IP?
Why investing tens of thousands of dollars in a solution, when all you
have to do is prevent inbound connections at the gateway? And fix the
vulnerability that inbound connections can have such a big effect (if
true)... And get some IDS.... aargh.
I would not take it serious unless more facts are provided. Looks like
someone is trying to get some headlines.
Dirk
On Friday, Oct 3, 2003, at 11:46 Asia/Tokyo, Nick May wrote:
> Hi,
>
> I don't know much about GPRS systems and billing, but I am not sure
> your objections to the claims succeed....
>
> This is how Kewney describes the attack....
>
> http://www.newswireless.net/articles/031002-scam.html
>> and, unbelievably, there was nothing to stop them simply providing
>> services direct to that IP address - and taking the money out of the
>> GPRS billing system to pay for it.
>
> and this is your criticism....
>> Now the "hackers" just continue pinging the address causing extra
>> traffic and the "hackers" supposedly steal money from the packet
>> charges.
>
> I agree that "provide services" is unclear - but it does not look like
> a packet charge scam. The billing method is also opaque. But the
> article does claim
>
> http://www.newswireless.net/articles/031002-scam.html
>> by hackers penetrating the billing system.
>
> so it is not necessarily true that....
>
> http://www.appelsiini.net/~tuupola/archives/128/
>> The operator must be offering revenue share for the GPRS traffic
>
> Presumably one would have to hack into the internal network to get
> access to the (private?) i.p addresses that are being assigned to
> customers. (Or are they not private - can I ping them from the net?)
>
> But then I know bugger all about GPRS system billing, so you may be
> right....
>
>
> Nick
>
>
>
>
> On Friday, October 3, 2003, at 01:27 AM, keitai-l@appelsiini.net wrote:
>
>>
>> Oh my:
>>
>> http://www.newswireless.net/articles/031002-scam.html
>>
>> and why I think this is bogus:
>>
>> http://www.appelsiini.net/~tuupola/archives/128/
>>
>> --
>> Mika Tuupola http://www.appelsiini.net/~tuupola/
>>
>>
>> This mail was sent to address nick@kyushu.com
>> Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/
>>
>>
>
>
> This mail was sent to address d.rosler@jens.co.jp
> Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/
Received on Fri Oct 3 06:26:21 2003